Key skills
AWSAzureCloudAIRisk ManagementCommunication
About this role
Role Overview
- Lead all aspects of the compliance lifecycle across multiple public sector frameworks (e.g., FedRAMP, GovRAMP), including risk assessments, continuous monitoring, audits, and authorization management
- Drive complex cross-functional program management efforts involving teams across security, legal, engineering, infrastructure, and product functions.
- Serve as a subject matter expert on risk management and regulatory compliance for federal, state, and local government environments.
- Develop and maintain comprehensive security documentation aligned with applicable frameworks, including System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, and data flow diagrams.
- Monitor compliance with control requirements (e.g., NIST 800-53, GovRAMP Baselines) and coordinate the implementation of technical and procedural safeguards.
- Engage with third-party assessors (3PAOs or independent assessors), government sponsors, and internal teams to support assessments and audits.
- Lead readiness assessments and support the prioritization of remediation activities across teams.
- Manage timely tracking and closure of vulnerabilities and findings; ensure reporting and documentation obligations are met.
- Provide risk-informed compliance recommendations that influence infrastructure and product development decisions.
- Collaborate with legal and government affairs teams to ensure compliance with emerging federal and state regulatory requirements.
- Stay informed on evolving threats, compliance trends, and guidance updates across FedRAMP, GovRAMP, NIST, and other frameworks.
Requirements
- 5+ years of experience in information security or compliance, with a focus on government and public sector regulatory frameworks (e.g., FedRAMP, GovRAMP, FISMA, NIST RMF).
- Knowledge of NIST SP 800-53 and experience mapping controls across frameworks.
- Experience with cloud environments like AWS GovCloud or Azure Government, including implementation of compliant architectures.
- Proven ability to manage large-scale compliance programs across diverse stakeholder groups.
- Demonstrated success developing and maintaining regulatory documentation and audit evidence.
- Experience leading engagements with internal teams, assessors, and government partners.
- Strong written and verbal communication skills, including translating between technical and executive audiences.
- Excellent organizational skills and the ability to manage multiple initiatives with competing priorities.
- Self-starter with strong problem-solving abilities in ambiguous, fast-moving environments.
Tech Stack
- AWS
- Azure
- Cloud
Benefits
- 100% medical, dental & vision insurance coverage for you
- Partially covered for your dependents
- One Medical annual membership
- 401k (including employer match on contributions made while employed by Ramp)
- Flexible PTO
- Fertility HRA (up to $10,000 per year)
- Parental Leave
- Unlimited AI token usage
- Pet insurance
- Centralized home-office equipment ordering for all employees
- Health and Wellness stipend
- In-office perks: lunch, snacks, drinks, and more
- Budget for intra-office travel
- Relocation support to NYC or SF (as needed)